surveillance | Breaking Cybersecurity News | The Hacker News

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1 , iPadOS 17.7.5 , macOS Sequoia 15.3.1 , macOS Sonoma 14.7.4 , macOS Ventura 13.7.4 , watchOS 11.3.1 , and visionOS 2.3.1 . "A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link," the company said in an advisory, adding the vulnerability was addressed with improved checks. The iPhone maker also acknowledged that it's aware the vulnerability "may have been exploited in an extremely sophisticated attack against specifically targeted individuals." It's worth noting that the iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 updates also resolved another actively exploited zero-day tracked as CVE-2025-24200. It's curr...

Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identify and access exposed Tomcat services at scale." To that end, 295 unique IP addresses have been found to be engaged in brute-force attempts against Tomcat Manager on that date, with all of them classified as malicious. Over the past 24 hours, 188 unique IPs have been recorded, a majority of them located in the United States, the United Kingdom, Germany, the Netherlands, and Singapore. In a similar vein, 298 unique IPs were observed conducting login attempts against Tomcat Manager instances. Of the 246 IP addresses flagged in the last 24 hours, all of them are categorized as malicious and originate from the same locations. Targets of these attempts include the United States, the Uni...

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019, accusing the latter of using Pegasus to target journalists, human rights activists, and political dissidents. Court documents released as part of the trial have revealed that 456 Mexicans were targeted during the campaign, followed by 100 victims in India, 82 in Bahrain, 69 in Morocco, and 58 in Pakistan. In total, individuals across 51 different countries were targeted. The attacks leveraged a then zero-day vulnerability in WhatsApp's voice calling feature ( CVE-2019-3568 , CVSS score: 9.8) to trigger the deployment of the spyware.  In a ruling issued in December 2024, United States ...

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur language. "Although the malware itself was not particularly advanced, the delivery of the malware was extremely well customized to reach the target population and technical artifacts show that activity related to this campaign began in at least May of 2024," the Citizen Lab said in a Monday report. The investigation, according to the digital rights research laboratory based at the University of Toronto, was prompted after the targets received notifications from Google warning that their accounts had been at the receiving end of government-backed attacks. Some of these alerts we...

An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first documented in 2021, has a track record of being used against Indian military-related targets. Subsequent iterations of the malware have been discovered masquerading as dating and instant messaging apps to deceive prospective victims. It's known to be active since at least late 2019. In November 2021, Meta attributed a Pakistan-aligned threat actor dubbed SideCopy – believed to be a sub-cluster within Transparent Tribe – to the use of PJobRAT and Mayhem as part of highly-targeted attacks directed against people in Afghanistan, specifically those with ties to government, mil...